FIM and System Call Auditing at Scale in a Large Container Deployment

This will show how, on a large container deployment, the speaker achieved insight into security events like file events on sensitive files, system call auditing, user level activity trail, network activity, etc., by customizing and plumbing a stack of open source tools that use the underlying Linux’s inotify and kernel audit components and by aggregating these events centrally in Elasticsearch.

Speaker: Ravi Honnavalli

Ravi Honnavalli is an information security professional with over 15 years of architecting, designing, developing and technically leading teams in the fields of security product development and network security. Honnavalli has a master’s degree from National University of Singapore, majoring in cryptography and has filed three patents with USPTO, all related to product ideas in the field of information security. Honnavalli is an active open source contributer.